Unable to create Proxies on PCF environment

Question

Unable to create Proxies on PCF environment

AnuradhaBose opened this issue 2 years ago · comments

Hi,
I am trying to use ToxiProxy on PCF environment. I have deployed ToxiProxy and my application both on PCF environment. I have created a proxy to my app on port 8082. But when I try to hit the app endpoint using this proxy port, it is not able to connect. PCF does not provide a direct way of exposing ports, it is driven by routes. Is there any way to get this working on PCF?

Michael Nikitochkin · Answer 1 · Thu Jul 14 2022 01:26:16 GMT+0800 (China Standard Time)

@AnuradhaBose I would like to help, but I have lack of knowledge about "PCF environment".

Can you share what does mean PCF environment?
How can I reproduce the problem?

AnuradhaBose · Answer 2 · Thu Jul 14 2022 02:19:26 GMT+0800 (China Standard Time)

Hi @miry - By PCF environment I mean, I have deployed the ToxiProxy and my app(pcfDemo) on Pivotal Cloud Foundry. The endpoint of my app is https://pcfDemo.pc.onefiserv.net/pcftest/test. I have created a proxy using toxiproxy-cli create -l 0.0.0.0:8082 -u pcfDemo.pc.onefiserv.net:443 pcfProxy. But when I do this, curl -ivk -H "Host:pcfDemo.pc.onefiserv.net" https://toxiproxy.pc.onefiserv.net:8082/pcftest/test, I get an error saying connection refused.

Michael Nikitochkin · Answer 3 · Thu Jul 14 2022 14:39:08 GMT+0800 (China Standard Time)

@AnuradhaBose Thank you for clarification.
It is a known issue to support SSL handshake with different hostnames.

Similar:

#267
#270

AnuradhaBose · Answer 4 · Mon Jul 18 2022 20:12:51 GMT+0800 (China Standard Time)

Hi @miry - Could you please let me know how the ToxiProxy server works internally? When we create a proxy for example on port 8082, does any process run on 8082? How does ToxiProxy server identify a request and redirects it to the proxied host? I am trying several options for this to work on Pivotal Cloud Foundry, hence the ask for more details on how the server works.

Jordan Neufeld · Answer 5 · Wed Jul 20 2022 01:54:02 GMT+0800 (China Standard Time)

Hi @AnuradhaBose,

When we create a proxy for example on port 8082, does any process run on 8082?

When a proxy is created on a port such as 8082, toxiproxy will start a TCP listener on this port for the proxy. There is no new process start, but you should see that the toxiproxy server process is now 'listening' on this new port.

How does Toxiproxy server identify a request and redirects it to the proxied host?

It's important to remember that Toxiproxy is not (currently) L7 protocol-aware, it is only a raw TCP proxy. This means that it cannot, and does not, inspect any HTTP headers or any other 'application' information in the tcp stream. Toxiproxy simply accepts the tcp connection on a given port and will send that tcp traffic to the configured upstream for the proxy (pcfDemo.pc.onefiserv.net:443 in your case)

If you have not done so already, I'd recommend that you try out your toxiproxy configuration on a local machine with your app and ensure it's working like you expect before deploying it to a more complicated environment like Pivotal Cloud Foundry or Kubernetes, etc.

AnuradhaBose · Answer 6 · Thu Jul 28 2022 18:55:48 GMT+0800 (China Standard Time)

Hi @neufeldtech - Thanks for the detailed explanation. I have tried it in my local desktop and it seems to work fine. But it does not seem to work when I deploy it on Pivotal Cloud Foundry. I am able to start the toxiproxy server as an app in PCF. I am also able to create proxies to other apps on the same Pivotal Cloud Foundry environment. The proxy works when I ssh into the app container and run it using localhost. But when I try to access the proxy endpoint from outside( say postman) it does not work. Is there any way to resolve this ?

Michael Nikitochkin · Answer 7 · Mon Aug 01 2022 19:22:18 GMT+0800 (China Standard Time)

@AnuradhaBose I would start to check logs from Pivotal and security rules to access some ports. Check logs in toxiproxy server.